GHSA-pf55-fj96-xf37, CVE-2024-24566
npm/@lobehub/chat
Improper Access Control
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and an extensible Function Call plugin system. When the application is password-protected (deployed with the ACCESS_CODE option), it is possible to access plugins without proper authorization (without the password). This vulnerability is patched in 0.122.4.
All versions up to 0.122.3
Upgrade to version 0.122.4 or above.
2024-02-01